Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-10-04 | CVE-2018-12472 | Improper Authentication vulnerability in SUSE Subscription Management Tool | An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. | network | low | suse | CWE-287 | critical 9.1 |
| 2018-10-03 | CVE-2018-6689 | Improper Authentication vulnerability in McAfee Data Loss Prevention Endpoint | Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. | local | low | mcafee | CWE-287 | 7.8 |
| 2018-10-02 | CVE-2018-17786 | Improper Authentication vulnerability in D-Link DIR-823G Firmware | On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | network | low | d-link | CWE-287 | critical 9.8 |
| 2018-10-01 | CVE-2018-1672 | Improper Authentication vulnerability in IBM WebSphere Portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. | network | low | ibm | CWE-287 | 6.3 |
| 2018-09-28 | CVE-2018-9080 | Improper Authentication vulnerability in Lenovo products | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. | network | high | lenovo | CWE-287 | 5.9 |
| 2018-09-27 | CVE-2018-7108 | Improper Authentication vulnerability in HPE StorageWorks XP7 Automation Director 8.5.202 | HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. | network | high | hpe | CWE-287 | 5.9 |
| 2018-09-25 | CVE-2018-1539 | Improper Authentication vulnerability in IBM Rational Engineering Lifecycle Manager | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than the intended URL. | network | low | ibm | CWE-287 | 6.5 |
| 2018-09-23 | CVE-2018-17341 | Improper Authentication vulnerability in Bigtreecms Bigtree CMS 4.2.23 | BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI. | network | high | bigtreecms | CWE-287 | 8.1 |
| 2018-09-21 | CVE-2018-12169 | Improper Authentication vulnerability in multiple products | Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow a physical attacker to potentially bypass firmware authentication. | | low | intel, lenovo | CWE-287 | 7.6 |
| 2018-09-19 | CVE-2018-12242 | Improper Authentication vulnerability in Symantec Messaging Gateway | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | network | low | symantec | CWE-287 | critical 9.8 |